This invention relates generally to authenticating and validating electronic data, and more particularly to providing security for, and enforcing restrictions on the use of, electronic data.
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. The following notice applies to the software and data as described below and in the drawing hereto: Copyright(copyright) 1997, Microsoft Corporation, All Rights Reserved.
Electronic data is inherently intangible and not easily identifiable as to its origin, date of creation, or what restrictions may apply to it. Computer users frequently download software applications from the Internet but in many cases the user cannot tell if the application is authored by the owner of the download site or by someone else. Information, such as news articles, short stories, jokes and cartoons, is also available for download but the user often cannot tell if the information has been posted with the permission of the author, or if the information can be reused or modified without interfering with someone""s intellectual property rights.
While the source of electronic data distributed on xe2x80x9chardxe2x80x9d media such as CD-ROM or floppy disk can be identified by labeling the media, the data itself can be changed after the media left the author. Furthermore, although hard media is usually distributed under license, the enforcement of the licensing terms is difficult.
A xe2x80x9cpublic key/private keyxe2x80x9d approach has been employed to address the problems of authentication and validation of electronic data. In a public key/private key scheme, the author encrypts the data with a private key. The encrypted data can only be decrypted using the author""s public key. If the recipient uses the public key and the use of the public key properly decrypts the encrypted data, the recipient can be certain the data originated with the author. For extra security, the data can be encrypted several times, using layers of public and private keys of both the author and recipient. The process quickly becomes complicated and prone to error.
Similar encryption schemes have been used to require a user to register or pay a fee for the use of the electronic data. The data is encrypted and the author only provides the decrypting key upon registration or payment. Such limited licensing enforcement has not been successful, however, because, among other reasons, many users want to review the data before registering and find the decryption process confusing.
Electronic certificate authorities, such as Verisign, Inc., provide for some authentication of electronic data by supplying individuals and companies with certificates which uniquely identify the individual or company. The author includes the certificate with the electronic data to identify the source of the data. Electronic certificates are also frequently combined with encryption of the data to provide a minimal level of security for the data. However, nothing in the certificate prevents someone from redistributing the data as their own work, or from modifying the data.
One approach to memorializing the creation of electronic data uses an encryption routine, often referred to as a xe2x80x9cone-way hash,xe2x80x9d to reduce the electronic data to a unique number-letter combination, or hash value, from which the data itself cannot be reproduced. The hash is then sent to a trusted third-party which gives each hash value a sequence number based on the order in which it is received. If a second person hashes the same data with the same hash algorithm (producing the same hash value) and sends the hash value to the same third-party service, the sequence number of the second hash value is greater than that of the first. The trusted party publishes the hash values and the sequence numbers. A receiver of the electronic data generates the hash value and matches it against the published list to determine of more than one sequence number has been assigned. The receiver of the data is responsible for determining if the data it received originated with the author because the third-party service does not authenticate the senders.
Thus, an author must make sure to register the hash before the electronic data is released publicly. Furthermore, if the second person sends the second hash value to a different third-party service, the sequence numbers cannot be compared as they do not indicate the time and/or date of the submission.
Therefore, what is needed is a mechanism to guarantee the authenticity and validity of electronic data, to enforce use restrictions on the data, to memorialize the creation of the data, and to do so without requiring the author or the recipient to understand complicated encryption schemes.
The above-mentioned shortcomings, disadvantages and problems are addressed by the present invention, which will be understood by reading and studying the following specification.
Security services and policy enforcement for electronic data is provided through a series of transactions among a server and clients using electronic certificates which are associated with the electronic data. A first client, an author or originator of electronic data, generates a digest of the data using a one-way hashing algorithm, creates a request for a security certificate specifying type of security and policy level, and sends the security certificate request and digest to the server of a trusted arbitrator. The server authenticates the first client, registers, timestamps and logs the certificate and digest, and returns an electronically signed confirmation receipt to the first client. The confirmation receipt contains the digest and the first client can optionally insert the receipt into the security certificate. The first client combines the security certificate with the data, and distributes the combination as a distribution unit.
A second client, a user, acquires the distribution unit, extracts the data from the distribution unit, and generates a digest from the data using the same hashing algorithm. When the security certificate contains the digest generated by the first client, the second client compares the digests. If the digests match, the distribution unit acquired by the user is valid. If the digests do not match, the file cannot be validated.
If the security certificate does not contain a signed confirmation receipt or the user cannot validate the signature, the user submits the digest to the server. The server compares the digest generated by the user with the logged digest. If the digests match, the distribution unit acquired by the user is valid and the server returns a valid message. If the digests do not match, the server returns an invalid message.
Depending on the certificate type and policy level, the server provides other services to the clients, such as notification of updates to the data, notification of improper user of the data, and payment for the use of the data.
The supporting functions for the clients are automatically provided by modules, or components, in standard software so the author and the user do not have to concern themselves with complicated encryption/decryption schemes. The server functions are additional components to server software that already provides electronic certificates.
Thus, the present invention guarantees the authenticity and validity of the electronic data and enforces use restrictions on the data through the use of the certificates. Furthermore, because the server has authenticated the first client prior to creating the certificate, and time stamps the digest that is generated from the electronic data along with the security certificate, the verification log serves to memorialize the first client and creation time of the data.
The present invention describes systems, clients, servers, methods, and computer-readable media of varying scope. In addition to the aspects and advantages of the present invention described in this summary, further aspects and advantages of the invention will become apparent by reference to the drawings and by reading the detailed description that follows.